Results 1 to 6 of 6
  1. #1
    New Lounger
    Join Date
    Feb 2004
    Location
    Huntersville, North Carolina
    Posts
    18
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Certificate Errors on Facebook and Gmail

    A friend's PC is experiencing certificate errors on Facebook and Gmail with the following message:

    "The security certificate presented by this website was issued for a different website's address."


    The date/time are correct, even though we know 99% of certificate problems are caused by a wrong clock.

    After much research and resetting the IE settings, I have made no progress.

    Here are the PC specs:
    • Windows 7 SP-1
    • IE-9
    • KB2641690 installed - re fraudulent certificates.
    • System clean - MSSE, Malwarebytes, and Spybot all report no infections.
    I need an inspired answer.

    Zonny

  2. #2
    Lounge VIP
    Join Date
    Apr 2011
    Location
    Scotland
    Posts
    1,168
    Thanks
    44
    Thanked 134 Times in 115 Posts
    The answer, in part is in the message:

    The security certificate presented by this website was issued for a different website's address.
    That's not an expired certificate (as you correctly say caused by the clock being wrong), but is a fraudulent certificate. I would be highly suspicious of the sites and not login into them until you can be sure they are genuine. Check the Hosts file for any re-direction.

    You already have one Windows Update for fraudulent certificates, but it might be worthwhile looking at the installed certificates and double checking that there are other no fraudulent ones. Also verify that Digitnotar certs are blacklisted using KB2616676.

  3. #3
    New Lounger
    Join Date
    Feb 2004
    Location
    Huntersville, North Carolina
    Posts
    18
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Already Done on a re-built PC:

    === Checked the hosts files for redirection.
    === Verified that Digitnotar certs are NOT blacklisted.

    Thanks anyway, but I need another reply. Clearly Facebook and Gmail are not using fraudulent certificates or all of us would have the same message. What would cause my browser to display the following message:

    "The security certificate presented by this website was issued for a different website's address." <==== If this this is a false message what can be tripping it?

    Anyone else got an inspired answer?

    Zonny

  4. #4
    Lounge VIP
    Join Date
    Apr 2011
    Location
    Scotland
    Posts
    1,168
    Thanks
    44
    Thanked 134 Times in 115 Posts
    You could still be the victim of a DNS hijack taking you to fraudulent sites offering up fraudulent certs that attempt to fool you into thinking you are on the genuine site. According to the message, the cert does not match the site.

    Presumably a typo, but are you sure that the Digitnotar certs are not blacklisted?......they should be!

    How about checking the proxy settings (Internet Options>Connections>LAN Settings). There should be no proxy re-direction.

    Do you have the opportunity to verify the behaviour on a second machine? Is it the same? How about taking that suspect machine to a different location, using a different internet provider?

  5. #5
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,753
    Thanks
    171
    Thanked 652 Times in 575 Posts
    Quote Originally Posted by Zonny View Post
    "The security certificate presented by this website was issued for a different website's address."
    It could be as simple as leaving the "www." off the URL in a favorite/shortcut: Security Certificate Errors: Name Mismatch in Web Browser


    Quote Originally Posted by Zonny View Post
    === Verified that Digitnotar certs are NOT blacklisted.
    I don't understand why you inserted the NOT there. Could you explain?


    Bruce

  6. #6
    New Lounger
    Join Date
    Feb 2004
    Location
    Huntersville, North Carolina
    Posts
    18
    Thanks
    0
    Thanked 0 Times in 0 Posts

    === Verified that Digitnotar certs are NOT blacklisted. TYPO
    === Verified that Digitnotar certs are blacklisted. <---- Corrected


    === Digitnotar certs are blacklisted!

    === I will check the DNS and proxy settings.
    === Moving the machine is difficult - business PC, and am working remotely.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •